author | Günther Deschner <gd@samba.org> | 2011-09-28 18:12:49 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2011-10-24 19:16:14 +0200 |
commit | 6d85cc6fbc2c34b4b17a155dd4f0ca5ab33f4084 (patch) | |
tree | 2d2991327de0c7a52d773443214687af302ad5b0 | |
parent | 8dbbb542da415ed1d26e5a567482b0a6b7b32cb8 (diff) | |
s3-winbind: Fix bug 7888 -- deal with buggy 3.0 based PDCs.
Guenther
(cherry picked from commit d7f0de06c119abad609f87121a8a4fb533e82747)
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 50 |
1 files changed, 36 insertions, 14 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index df83dc6d118..5c56b8731ab 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1382,18 +1382,29 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain, nt_resp, &my_info3); - if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) - && contact_domain->can_do_samlogon_ex) { - DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " - "retrying with NetSamLogon\n")); - contact_domain->can_do_samlogon_ex = false; + if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) { + /* * It's likely that the server also does not support * validation level 6 */ domain->can_do_validation6 = false; - retry = true; - continue; + + if (contact_domain->can_do_samlogon_ex) { + DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " + "retrying with NetSamLogon\n")); + contact_domain->can_do_samlogon_ex = false; + retry = true; + continue; + } + + /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon + * (no Ex). This happens against old Samba + * DCs. Drop the connection. + */ + invalidate_cm_connection(&contact_domain->conn); + result = NT_STATUS_LOGON_FAILURE; + break; } if (domain->can_do_validation6 && 
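Review bot: The new fall-through path after the `can_do_samlogon_ex` check turns an RPC fault from the DC into `NT_STATUS_LOGON_FAILURE`, and unlike the NetSamLogonEx retry branch just above it, it logs nothing. Someone reading the winbindd log, or a caller that counts failed logons for lockout or alerting, then cannot tell a rejected credential from a DC that does not implement the call. I would add a message before the connection is dropped, for example `DEBUG(3, ("Got DCERPC_FAULT_OP_RNG_ERROR for NetSamLogon, dropping connection\n"));`, and consider whether a status that names the DC problem fits better than a logon failure. The same block is added in winbindd_dual_pam_auth_crap (second hunk) and needs the same line. The retry loop and both function bodies continue outside the hunks, so how the status is handled after the `break` is not visible here.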
@@ -1996,18 +2007,29 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, nt_resp, &info3); - if ((NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) - && contact_domain->can_do_samlogon_ex) { - DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " - "retrying with NetSamLogon\n")); - contact_domain->can_do_samlogon_ex = false; + if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) { + /* * It's likely that the server also does not support * validation level 6 */ domain->can_do_validation6 = false; - retry = true; - continue; + + if (contact_domain->can_do_samlogon_ex) { + DEBUG(3, ("Got a DC that can not do NetSamLogonEx, " + "retrying with NetSamLogon\n")); + contact_domain->can_do_samlogon_ex = false; + retry = true; + continue; + } + + /* Got DCERPC_FAULT_OP_RNG_ERROR for SamLogon + * (no Ex). This happens against old Samba + * DCs. Drop the connection. + */ + invalidate_cm_connection(&contact_domain->conn); + result = NT_STATUS_LOGON_FAILURE; + break; } if (domain->can_do_validation6 && |